Sun Microsystems, Inc. Information for VU#800113

Multiple DNS implementations vulnerable to cache poisoning

Status

Affected

Vendor Statement

At the time of writing, Solaris 8, 9, and 10 with the latest patches
provide the following versions of BIND from the Internet Systems
Consortium, Inc. (ISC):

Solaris 8 BIND 8.2.4
Solaris 9 BIND 8.3.3
Solaris 10 BIND 9.3.4-P1

Thus Solaris 8, 9, and 10 are affected by the issue described in CERT
VU#800113.  Sun has published Sun Alert 240048 for this issue which is
available here:


http://sunsolve.sun.com/search/document.do?assetkey=1-66-240048-1

Full details including the contributing factors and possible workarounds
are in the above Sun Alert.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.